[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Beniamin Marcu]

I think I'm not going to dig more into it. It looks too much like a rabbit 
hole. I was giving a thought to Fediz IDP from Apache. This is basically is 
used in CAS.
I'm running out of time to prove this one out, and I'm going to leave it.
thank you for your reply. 


On Tuesday, October 30, 2018 at 9:28:52 AM UTC-7, Alin Tomoiaga wrote:
>
> Hi Beni,
>
> This has been a very frustrating issue and I have never managed to get it 
> working correctly.
> Interestingly, different cas versions error out but with different errors: 
> 5.1.9 seemed to get past this cxf error but had another problem.
> (on the other hand, saml support worked like a charm with various cas 
> versions)
> I generated the keystore using keytool, but at this point, I am pretty 
> sure this cxf error is a bug...
>
> I would still like to get it working so still open to suggestions.
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/dbec2930-727f-45e7-8750-ba888ad266c2%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Alin Tomoiaga]

Hi Beni,

This has been a very frustrating issue and I have never managed to get it 
working correctly.
Interestingly, different cas versions error out but with different errors: 
5.1.9 seemed to get past this cxf error but had another problem.
(on the other hand, saml support worked like a charm with various cas 
versions)
I generated the keystore using keytool, but at this point, I am pretty sure 
this cxf error is a bug...

I would still like to get it working so still open to suggestions.


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1075d165-cadd-4244-b991-8b3632b97333%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Beniamin Marcu]

Hi Alin, 

Have you been able to start CAS server with the generated keys? How did you 
manage to generate the required keyStore files and the stscasrealm.jks in 
the end?
Please advice. I am dealing with this for over a week and I'm not able to 
start CAS server with WS Fed support. 

thank you so much.
Beni


On Thursday, May 3, 2018 at 8:43:18 AM UTC-7, Alin Tomoiaga wrote:
>
> There are some encryption parameters that I have tried, but I am not sure 
>> what they do. I generated my own jks with the java keytool and placed them 
>> at the specified locations. Do these settings have anything to do with the 
>> cxf error above? Maybe, I tried to generate jks files with keytool, 
>> otherwise the server does not start, but am I doing it wrong?
>>
>
>
> keytool -genkey -alias realmcas -keyalg RSA -validity 10800 -keystore 
> stscasrealm.jks
> keytool -export -alias ralmcas -keystore stscasrealm.jks -rfc -file 
> X509_certificate.cer
>  
>
>  
>  cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
>  cas.authn.wsfedIdp.idp.realmName=CAS
>
>  cas.authn.wsfedIdp.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks
>  cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass
>
>  cas.authn.wsfedIdp.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks
>  cas.authn.wsfedIdp.sts.encryptionKeystorePassword=storepass
>
> # cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
> # cas.authn.wsfedIdp.sts.encryptTokens=true
>
> # cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/config/stscasrealm.jks
> # cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass
> # cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
> # cas.authn.wsfedIdp.sts.realm.keyPassword=cas
> # cas.authn.wsfedIdp.sts.realm.issuer=CAS
>  
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/32a90cb8-f564-4837-ba6b-213500e2da32%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Alin Tomoiaga]

One correction:

In the cxf sources, it is not
Object[] obj = this.client.invoke(boi, new Object[]{new 
DOMSource(writer.getDocument().getDocumentElement())}); 

Instead it's: 

Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument(). 
getDocumentElement())); 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4d70034b-b003-440d-924c-a0dda9653000%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Alin Tomoiaga]

Brought up cas under debug mode:

- the error happens in 
org.apache.cxf.ws.security.trust.AbstractSTSClient.issue() at this line:
Object[] obj = this.client.invoke(boi, new Object[]{new 
DOMSource(writer.getDocument().getDocumentElement())});

The error is:
org.apache.cxf.binding.soap.SoapFault: object is not an instance of 
declaring class while invoking public javax.xml.transform.Source 
org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(javax.xml.transform.Source)
 
with params [org.apache.cxf.staxutils.StaxSource@601c0935].


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/871c86cd-6058-4276-8342-c05cdeb9551f%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Alin Tomoiaga]

I got  a reply from one of the apereo developers and he did not rule out 
the possibility of a bug; advised I should stand up cas in debug mode which 
I will work on.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9da5d4fa-a253-409a-bcf8-9669c089a0b1%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

>
> There are some encryption parameters that I have tried, but I am not sure 
> what they do. I generated my own jks with the java keytool and placed them 
> at the specified locations. Do these settings have anything to do with the 
> cxf error above? Maybe, I tried to generate jks files with keytool, 
> otherwise the server does not start, but am I doing it wrong?
>


keytool -genkey -alias realmcas -keyalg RSA -validity 10800 -keystore 
stscasrealm.jks
keytool -export -alias ralmcas -keystore stscasrealm.jks -rfc -file 
X509_certificate.cer
 

 
 cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
 cas.authn.wsfedIdp.idp.realmName=CAS

 cas.authn.wsfedIdp.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks
 cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass
 cas.authn.wsfedIdp.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks
 cas.authn.wsfedIdp.sts.encryptionKeystorePassword=storepass

# cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
# cas.authn.wsfedIdp.sts.encryptTokens=true

# cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/config/stscasrealm.jks
# cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass
# cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
# cas.authn.wsfedIdp.sts.realm.keyPassword=cas
# cas.authn.wsfedIdp.sts.realm.issuer=CAS
 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/497f8ba6-9df9-4f8e-973b-c3506728ba25%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

Are the log entries before the error normal, is it ok that no service can 
be extracted? Any suggestion would be useful at this point. Thank you.

^[[36m2018-04-27 06:34:11,481 DEBUG 
[org.apereo.cas.web.support.DefaultArgumentExtractor] - ^[[m
^[[36m2018-04-27 06:34:11,481 DEBUG 
[org.apereo.cas.web.support.AbstractArgumentExtractor] - ^[[m
^[[36m2018-04-27 06:34:11,506 DEBUG 
[org.apache.wss4j.dom.processor.TimestampProcessor] - ^[[m
^[[36m2018-04-27 06:34:11,506 DEBUG [org.apache.wss4j.common.util.DateUtil] 
- ^[[m
^[[36m2018-04-27 06:34:11,506 DEBUG 
[org.apache.wss4j.dom.processor.UsernameTokenProcessor] - ^[[m
^[[36m2018-04-27 06:34:11,508 DEBUG [org.apereo.cas.util.EncodingUtils] - 
^[[m
^[[33m2018-04-27 06:34:11,519 WARN 
[org.apache.cxf.phase.PhaseInterceptorChain] - http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService#{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Issue
 
has thrown exception, unwinding now>^[[m
org.apache.cxf.interceptor.Fault: object is not an instance of declaring 
class while invoking public javax.xml.transform.Source 
org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider.invoke(javax.xml.transform.Source)
 
with params [org.apache.cxf.staxutils.StaxSource@5056ac0].
at 
org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:166)
 
~[cxf-core-3.2.2.jar:3.2.2]
at 
org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.createFault(AbstractJAXWSMethodInvoker.java:267)
 
~[cxf-rt-frontend-jaxws-3.2.2.jar:3.2.2]
at 
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:140) 
~[cxf-core-3.2.2.jar:3.2.2]
at 
org.apache.cxf.jaxws.AbstractJAXWSMethodInvoker.invoke(AbstractJAXWSMethodInvoker.java:232)
 
~[cxf-rt-frontend-jaxws-3.2.2.jar:3.2.2]
at 
org.apache.cxf.jaxws.JAXWSMethodInvoker.invoke(JAXWSMethodInvoker.java:85) 
~[cxf-rt-frontend-jaxws-3.2.2.jar:3.2.2]
at 
org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:74) 
~[cxf-core-3.2.2.jar:3.2.2]
at 
org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
 
~[cxf-core-3.2.2.jar:3.2.2]
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) 
~[?:1.8.0_121]

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3e33d2ae-c720-4359-8caf-b0719c908d86%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

So, to summarize, why is cas showing the error "Application not authorized" 
when I am trying to go to url https://mycasserver/ws/idp/federation?


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/fbcc92fc-b687-4c55-a486-34222832dc68%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

>
> But now I have a problem with integrating with a client; 
>>
> The client app needs (from the documentation)

   - The Federation Service Identifier of the ADFS server, which is located 
   on the main ADFS properties dialog in the ADFS management application. –

 I gave them: https:///xxx/ 
ws/sts/CAS

   - The WS-Federation Passive endpoint for the ADFS server. The format is 
   usually "https://myadfsserver.com/adfs/ls/; or similar. It is located in 
   the ADFS management application, under the Endpoints section.

 I gave them: https:///xxx/ 
ws/idp/federation
 

Now tthe app redirects to https:////xxx/ 

/ws/idp/federation?wa=wsignin1.0=https://clientapp/

and my cas server displays an error message: "
Application Not Authorized to Use CAS
". I did however register the client url as described 
here: https://apereo.github.io/cas/5.2.x/protocol/WS-Federation-Protocol.html.


If anyone has more information on how and where configuration should go, it 
would be greatly appreciated.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/bb782235-15ad-4e1f-a1a4-9aa8470a8822%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

Here is my pom.xml.

On Thursday, April 19, 2018 at 8:03:32 PM UTC-5, AT wrote:
>
> My cas.properties:
>>>
>>
> cas.server.name: https:///xxx
> cas.server.prefix: https:///xxx
>
> cas.serviceRegistry.initFromJson=true
>
> cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
> cas.authn.wsfedIdp.idp.realmName=CAS
>
>
> cas.authn.wsfedIdp.sts.signingKeystoreFile=
> cas.authn.wsfedIdp.sts.signingKeystorePassword=
> cas.authn.wsfedIdp.sts.encryptionKeystoreFile=
> cas.authn.wsfedIdp.sts.encryptionKeystorePassword=
>
> # cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
> cas.authn.wsfedIdp.sts.encryptTokens=false
>
>
>
> cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/configadvise/stscasrealm.jks
> cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass
> cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
> cas.authn.wsfedIdp.sts.realm.keyPassword=storepass
> cas.authn.wsfedIdp.sts.crypto.enabled=false
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f185be9a-9b18-4864-add4-6ba1b0b1b3cd%40apereo.org.


pom.xml
Description: XML document

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

>
> My cas.properties:
>>
>
cas.server.name: https:///xxx
cas.server.prefix: https:///xxx

cas.serviceRegistry.initFromJson=true

cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS
cas.authn.wsfedIdp.idp.realmName=CAS


cas.authn.wsfedIdp.sts.signingKeystoreFile=
cas.authn.wsfedIdp.sts.signingKeystorePassword=
cas.authn.wsfedIdp.sts.encryptionKeystoreFile=
cas.authn.wsfedIdp.sts.encryptionKeystorePassword=

# cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified
cas.authn.wsfedIdp.sts.encryptTokens=false


cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/configadvise/stscasrealm.jks
cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass
cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas
cas.authn.wsfedIdp.sts.realm.keyPassword=storepass
cas.authn.wsfedIdp.sts.crypto.enabled=false

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d39484cd-2bc3-4bdc-a916-bdf281c6fb97%40apereo.org.

Re: [cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Seb]

It is better with 5.2.3-SNAPSHOT.

Now i've this error :

WARN 
[org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext]
 
- ^[[m

^[[33m2018-02-21 22:51:33,971 WARN 
[org.apereo.cas.util.io.PathWatcherService] - ^[[m

^[[1;31m2018-02-21 22:51:34,015 ERROR 
[org.springframework.boot.SpringApplication] - 
^[[m

org.springframework.beans.factory.BeanCreationException: Error creating 
bean with name 'scopedTarget.casRealm' defined in class path resource 
[org/apereo/cas/config/CoreWsSecuritySecurityTokenServiceConfiguration.class]: 
Bean instantiation via factory method failed; nested exception is 
org.springframework.beans.BeanInstantiationException: Failed to instantiate 
[org.apache.cxf.sts.token.realm.RealmProperties]: Factory method 'casRealm' 
threw exception; nested exception is 
org.springframework.beans.factory.BeanCreationException: Keystore file, 
password or alias assigned to the realm must be defined


Any Help?


Thank you

Le mercredi 21 février 2018 21:57:00 UTC+1, Misagh Moayyed a écrit :
>
> Do you see the same problem with 5.2.3-SNAPSHOT? 
>
> --Misagh
>
> --
>
> *From: *"Seb" <sre...@cdg33.fr >
> *To: *"CAS Community" <cas-...@apereo.org >
> *Sent: *Wednesday, February 21, 2018 1:53:20 PM
> *Subject: *[cas-user] Re: Problem integrating CAS 5.2.2 with WS 
> Federation Identity Provider
>
>
> Hello,
>
> same problem as Stephen with 5.2.2, 
>
> problem still alive with 5.3.0-RC2.
>
> AT can you share your cas.properties and your pom.xml?
>
> thank you
>
>
> Le vendredi 2 février 2018 14:00:56 UTC+1, Steffen Fenger a écrit :
>>
>> Hello,
>>
>>
>> I  would like configure a WS Federation Identity Provider with CAS Maven 
>> WAR Overlay. I'm added two Dependency to pom.xml 
>>
>> Based on this article
>>
>>  https://apereo.github.io/cas/5.2.x/protocol/WS-Federation-Protocol.html#
>>
>> 
>> org.apereo.cas
>> cas-server-support-ws-sts
>> ${cas.version}
>> 
>> 
>> org.apereo.cas
>> cas-server-support-ws-idp
>> ${cas.version}
>> 
>>   
>>
>> The CAS Application Start's with follow Error:
>>
>> Log file:
>>
>> 2018-02-02 13:35:01,533 WARN 
>> [org.apereo.cas.web.CasWebApplicationContext] - > during context initialization - cancelling refresh attempt: 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'casReportsConfiguration': Unsatisfied dependency 
>> expressed through field 'cas3ServiceSuccessView'; nested exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'casValidationConfiguration': Unsatisfied 
>> dependency expressed through field 'centralAuthenticationService'; nested 
>> exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'centralAuthenticationService' defined in class 
>> path resource [org/apereo/cas/config/CasCoreConfiguration.class]: 
>> Unsatisfied dependency expressed through method 
>> 'centralAuthenticationService' parameter 0; nested exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'authenticationServiceSelectionPlan' defined in 
>> class path resource [org/apereo/cas/config/CasCoreConfiguration.class]: 
>> Unsatisfied dependency expressed through method 
>> 'authenticationServiceSelectionPlan' parameter 0; nested exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'coreWsSecurityIdentityProviderConfiguration': 
>> Unsatisfied dependency expressed through field 
>> 'loginFlowDefinitionRegistry'; nested exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'casWebflowContextConfiguration': Unsatisfied 
>> dependency expressed through field 'registeredServiceViewResolver'; nested 
>> exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
>> creating bean with name 'casThemesConfiguration': Unsatisfied dependency 
>> expressed through field 'authenticationRequestServiceSelectionStrategies'; 
>> nested exception is 
>> org.springframework.beans.factory.BeanCurrentlyInCreationException: Error 
>> creating bean with name 'authenticationServiceSelectionPlan': Requested 
>> b

Re: [cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Misagh Moayyed]

Do you see the same problem with 5.2.3-SNAPSHOT? 

--Misagh 

> From: "Seb" <sre...@cdg33.fr>
> To: "CAS Community" <cas-user@apereo.org>
> Sent: Wednesday, February 21, 2018 1:53:20 PM
> Subject: [cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation
> Identity Provider

> Hello,

> same problem as Stephen with 5.2.2,

> problem still alive with 5.3.0-RC2.

> AT can you share your cas.properties and your pom.xml?

> thank you

> Le vendredi 2 février 2018 14:00:56 UTC+1, Steffen Fenger a écrit :
>> Hello,

>> I would like configure a WS Federation Identity Provider with CAS Maven WAR
>> Overlay. I'm added two Dependency to pom.xml

>> Based on this article

>> https://apereo.github.io/cas/5.2.x/protocol/WS-Federation-Protocol.html#

>> 
>> org.apereo.cas
>> cas-server-support-ws-sts
>> ${cas.version}
>> 
>> 
>> org.apereo.cas
>> cas-server-support-ws-idp
>> ${cas.version}
>> 

>> The CAS Application Start's with follow Error:

>> Log file:

>> 2018-02-02 13:35:01,533 WARN [org.apereo.cas.web.CasWebApplicationContext] -
>> > attempt: org.springframework.beans.factory.UnsatisfiedDependencyException:
>> Error creating bean with name 'casReportsConfiguration': Unsatisfied 
>> dependency
>> expressed through field 'cas3ServiceSuccessView'; nested exception is
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name 'casValidationConfiguration': Unsatisfied dependency
>> expressed through field 'centralAuthenticationService'; nested exception is
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name 'centralAuthenticationService' defined in class path
>> resource [org/apereo/cas/config/CasCoreConfiguration.class]: Unsatisfied
>> dependency expressed through method 'centralAuthenticationService' parameter 
>> 0;
>> nested exception is
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name 'authenticationServiceSelectionPlan' defined in class
>> path resource [org/apereo/cas/config/CasCoreConfiguration.class]: Unsatisfied
>> dependency expressed through method 'authenticationServiceSelectionPlan'
>> parameter 0; nested exception is
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name 'coreWsSecurityIdentityProviderConfiguration':
>> Unsatisfied dependency expressed through field 'loginFlowDefinitionRegistry';
>> nested exception is
>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
>> creating bean with name 'casWebflowContextConfiguration': Unsatisfied
>> dependency expressed through field 'registeredServiceViewResolver'; nested
>> exception is 
>> org.springframework.beans.factory.UnsatisfiedDependencyException:
>> Error creating bean with name 'casThemesConfiguration': Unsatisfied 
>> dependency
>> expressed through field 'authenticationRequestServiceSelectionStrategies';
>> nested exception is
>> org.springframework.beans.factory.BeanCurrentlyInCreationException: Error
>> creating bean with name 'authenticationServiceSelectionPlan': Requested bean 
>> is
>> currently in creation: Is there an unresolvable circular reference?>
>> 2018-02-02 13:35:04,075 ERROR
>> [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <

>> ***
>> APPLICATION FAILED TO START
>> ***

>> Description:

>> The dependencies of some of the beans in the application context form a 
>> cycle:

>> casReportsConfiguration (field private org.springframework.web.servlet.View
>> org.apereo.cas.web.report.config.CasReportsConfiguration.cas3ServiceSuccessView)
>> ↓
>> casValidationConfiguration (field private
>> org.apereo.cas.CentralAuthenticationService
>> org.apereo.cas.web.config.CasValidationConfiguration.centralAuthenticationService)
>> ↓
>> centralAuthenticationService defined in class path resource
>> [org/apereo/cas/config/CasCoreConfiguration.class]
>> ┌─┐
>>| authenticationServiceSelectionPlan defined in class path resource
>> | [org/apereo/cas/config/CasCoreConfiguration.class]
>> ↑ ↓
>>| coreWsSecurityIdentityProviderConfiguration (field private
>>| org.springframework.webflow.definition.registry.FlowDefinitionRegistry
>> | 
>> org.apereo.cas.config.CoreWsSecurityIdentityProviderConfiguration.loginFlowDefinitionRegistry)
>> ↑ ↓
>>| casWebflowContextConfiguration (field private
>>| org.springfr

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Seb]

Hello,

same problem as Stephen with 5.2.2, 

problem still alive with 5.3.0-RC2.

AT can you share your cas.properties and your pom.xml?

thank you


Le vendredi 2 février 2018 14:00:56 UTC+1, Steffen Fenger a écrit :
>
> Hello,
>
>
> I  would like configure a WS Federation Identity Provider with CAS Maven 
> WAR Overlay. I'm added two Dependency to pom.xml 
>
> Based on this article
>
>  https://apereo.github.io/cas/5.2.x/protocol/WS-Federation-Protocol.html#
>
> 
> org.apereo.cas
> cas-server-support-ws-sts
> ${cas.version}
> 
> 
> org.apereo.cas
> cas-server-support-ws-idp
> ${cas.version}
> 
>   
>
> The CAS Application Start's with follow Error:
>
> Log file:
>
> 2018-02-02 13:35:01,533 WARN [org.apereo.cas.web.CasWebApplicationContext] 
> -  attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: 
> Error creating bean with name 'casReportsConfiguration': Unsatisfied 
> dependency expressed through field 'cas3ServiceSuccessView'; nested 
> exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'casValidationConfiguration': Unsatisfied 
> dependency expressed through field 'centralAuthenticationService'; nested 
> exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'centralAuthenticationService' defined in class 
> path resource [org/apereo/cas/config/CasCoreConfiguration.class]: 
> Unsatisfied dependency expressed through method 
> 'centralAuthenticationService' parameter 0; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'authenticationServiceSelectionPlan' defined in 
> class path resource [org/apereo/cas/config/CasCoreConfiguration.class]: 
> Unsatisfied dependency expressed through method 
> 'authenticationServiceSelectionPlan' parameter 0; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'coreWsSecurityIdentityProviderConfiguration': 
> Unsatisfied dependency expressed through field 
> 'loginFlowDefinitionRegistry'; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'casWebflowContextConfiguration': Unsatisfied 
> dependency expressed through field 'registeredServiceViewResolver'; nested 
> exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'casThemesConfiguration': Unsatisfied dependency 
> expressed through field 'authenticationRequestServiceSelectionStrategies'; 
> nested exception is 
> org.springframework.beans.factory.BeanCurrentlyInCreationException: Error 
> creating bean with name 'authenticationServiceSelectionPlan': Requested 
> bean is currently in creation: Is there an unresolvable circular reference?>
> 2018-02-02 13:35:04,075 ERROR 
> [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <
>
> ***
> APPLICATION FAILED TO START
> ***
>
> Description:
>
> The dependencies of some of the beans in the application context form a 
> cycle:
>
>casReportsConfiguration (field private 
> org.springframework.web.servlet.View 
> org.apereo.cas.web.report.config.CasReportsConfiguration.cas3ServiceSuccessView)
>   ↓
>casValidationConfiguration (field private 
> org.apereo.cas.CentralAuthenticationService 
> org.apereo.cas.web.config.CasValidationConfiguration.centralAuthenticationService)
>   ↓
>centralAuthenticationService defined in class path resource 
> [org/apereo/cas/config/CasCoreConfiguration.class]
> ┌─┐
> |  authenticationServiceSelectionPlan defined in class path resource 
> [org/apereo/cas/config/CasCoreConfiguration.class]
> ↑ ↓
> |  coreWsSecurityIdentityProviderConfiguration (field private 
> org.springframework.webflow.definition.registry.FlowDefinitionRegistry 
> org.apereo.cas.config.CoreWsSecurityIdentityProviderConfiguration.loginFlowDefinitionRegistry)
> ↑ ↓
> |  casWebflowContextConfiguration (field private 
> org.springframework.web.servlet.ViewResolver 
> org.apereo.cas.web.flow.config.CasWebflowContextConfiguration.registeredServiceViewResolver)
> ↑ ↓
> |  casThemesConfiguration (field private 
> org.apereo.cas.authentication.AuthenticationServiceSelectionPlan 
> org.apereo.cas.services.web.config.CasThemesConfiguration.authenticationRequestServiceSelectionStrategies)
>
>
> Thanks for your time.
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[Seb]

>
> Hello,
>

same problem as Stephen with 5.2.2, 

problem still alive with 5.3.0-RC2.

AT can you share your cas.properties and your pom.xml?

thank you
 

>  
>
 
>
 
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2431ef27-1ef4-40d9-aad4-eb70cd7caf77%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

>
> So it works under 5.3.0-RC2.
>>
>
Cas autogenerates the encryption/signing keys (still not sure how to add 
them to the keystore permanently).

But, at this point I would like to test my idp; usually, from what I 
understand, the idp needs to provide:


   - The Federation Service Identifier of the ADFS server, which is located 
   on the main ADFS properties dialog in the ADFS management application. –
   - The WS-Federation Passive endpoint for the ADFS server. The format is 
   usually "https://myadfsserver.com/adfs/ls/; or similar. It is located in 
   the ADFS management application, under the Endpoints section.


What are the corresponding urls for the cas server?

Thank you.
 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/29f0a585-c4fa-45fb-bc48-7f477a16fbfc%40apereo.org.

Re: [cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

>
> It compiles using version 5.3.0-RC2. 
>
I would really appreciate any guidance you can provide; the error below 
shows in the logs so understand I need to generate some additional keys but 
there are no instructions or more detailed documentation.
There are some instructions on generating private/public on a different 
apereo page altogether ... but they do not look exactly like what is needed 
in the WS Fed case

openssl genrsa -out private.key 1024
openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER
openssl pkcs8 -topk8 -inform PER -outform DER -nocrypt -in private.key -out 
private.p8
openssl req -new -x509 -key private.key -out x509.pem -days 365
# convert the X509 certificate to DER format
openssl x509 -outform der -in x509.pem -out certificate.crt





WARN 
[org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext]
 
- 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7dda0ec6-31c2-4d4c-919e-cd29831c2d82%40apereo.org.

[cas-user] Re: Problem integrating CAS 5.2.2 with WS Federation Identity Provider

[AT]

I am getting the same error in version 5.2.2.
(Btw, I was under the impression the cas-server-
support-ws-sts dependecy is not needed).

Any suggestion would be greatly appreciated.



On Friday, February 2, 2018 at 7:00:56 AM UTC-6, Steffen Fenger wrote:
>
> Hello,
>
>
> I  would like configure a WS Federation Identity Provider with CAS Maven 
> WAR Overlay. I'm added two Dependency to pom.xml 
>
> Based on this article
>
>  https://apereo.github.io/cas/5.2.x/protocol/WS-Federation-Protocol.html#
>
> 
> org.apereo.cas
> cas-server-support-ws-sts
> ${cas.version}
> 
> 
> org.apereo.cas
> cas-server-support-ws-idp
> ${cas.version}
> 
>   
>
> The CAS Application Start's with follow Error:
>
> Log file:
>
> 2018-02-02 13:35:01,533 WARN [org.apereo.cas.web.CasWebApplicationContext] 
> -  attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: 
> Error creating bean with name 'casReportsConfiguration': Unsatisfied 
> dependency expressed through field 'cas3ServiceSuccessView'; nested 
> exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'casValidationConfiguration': Unsatisfied 
> dependency expressed through field 'centralAuthenticationService'; nested 
> exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'centralAuthenticationService' defined in class 
> path resource [org/apereo/cas/config/CasCoreConfiguration.class]: 
> Unsatisfied dependency expressed through method 
> 'centralAuthenticationService' parameter 0; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'authenticationServiceSelectionPlan' defined in 
> class path resource [org/apereo/cas/config/CasCoreConfiguration.class]: 
> Unsatisfied dependency expressed through method 
> 'authenticationServiceSelectionPlan' parameter 0; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'coreWsSecurityIdentityProviderConfiguration': 
> Unsatisfied dependency expressed through field 
> 'loginFlowDefinitionRegistry'; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'casWebflowContextConfiguration': Unsatisfied 
> dependency expressed through field 'registeredServiceViewResolver'; nested 
> exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'casThemesConfiguration': Unsatisfied dependency 
> expressed through field 'authenticationRequestServiceSelectionStrategies'; 
> nested exception is 
> org.springframework.beans.factory.BeanCurrentlyInCreationException: Error 
> creating bean with name 'authenticationServiceSelectionPlan': Requested 
> bean is currently in creation: Is there an unresolvable circular reference?>
> 2018-02-02 13:35:04,075 ERROR 
> [org.springframework.boot.diagnostics.LoggingFailureAnalysisReporter] - <
>
> ***
> APPLICATION FAILED TO START
> ***
>
> Description:
>
> The dependencies of some of the beans in the application context form a 
> cycle:
>
>casReportsConfiguration (field private 
> org.springframework.web.servlet.View 
> org.apereo.cas.web.report.config.CasReportsConfiguration.cas3ServiceSuccessView)
>   ↓
>casValidationConfiguration (field private 
> org.apereo.cas.CentralAuthenticationService 
> org.apereo.cas.web.config.CasValidationConfiguration.centralAuthenticationService)
>   ↓
>centralAuthenticationService defined in class path resource 
> [org/apereo/cas/config/CasCoreConfiguration.class]
> ┌─┐
> |  authenticationServiceSelectionPlan defined in class path resource 
> [org/apereo/cas/config/CasCoreConfiguration.class]
> ↑ ↓
> |  coreWsSecurityIdentityProviderConfiguration (field private 
> org.springframework.webflow.definition.registry.FlowDefinitionRegistry 
> org.apereo.cas.config.CoreWsSecurityIdentityProviderConfiguration.loginFlowDefinitionRegistry)
> ↑ ↓
> |  casWebflowContextConfiguration (field private 
> org.springframework.web.servlet.ViewResolver 
> org.apereo.cas.web.flow.config.CasWebflowContextConfiguration.registeredServiceViewResolver)
> ↑ ↓
> |  casThemesConfiguration (field private 
> org.apereo.cas.authentication.AuthenticationServiceSelectionPlan 
> org.apereo.cas.services.web.config.CasThemesConfiguration.authenticationRequestServiceSelectionStrategies)
>
>
> Thanks for your time.
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop